All of lore.kernel.org
 help / color / mirror / Atom feed
From: Pablo Neira <pablo@eurodev.net>
To: Netfilter Development Mailinglist <netfilter-devel@lists.netfilter.org>
Subject: [IPTABLES] [PATCH] fix is_same with userspacesize != size in targets
Date: Sun, 06 Mar 2005 23:41:36 +0100	[thread overview]
Message-ID: <422B8720.2000208@eurodev.net> (raw)

[-- Attachment #1: Type: text/plain, Size: 506 bytes --]

I've discovered a bug in same_is while fixing deletion in CLUSTERIP.

CLUSTERIP has to define a different userspacesize for the private target 
info because of the config pointer, this should be enough to fix rule 
deletion but the function same_is returns a wrong pointer to the 
comparation mask array since it doesn't add the size of ipt_entry. 
Because of that, target_same returns 0 and no rule matches.

Impact: This just affects rule deletion with targets that has 
userspacesize != size.

--
Pablo

[-- Attachment #2: fix-del-with-userspacesize-target.patch --]
[-- Type: text/x-patch, Size: 795 bytes --]

Index: libiptc/libip4tc.c
===================================================================
--- libiptc/libip4tc.c	(revision 3742)
+++ libiptc/libip4tc.c	(working copy)
@@ -210,6 +210,7 @@
 	mptr = matchmask + sizeof(STRUCT_ENTRY);
 	if (IPT_MATCH_ITERATE(a, match_different, a->elems, b->elems, &mptr))
 		return NULL;
+	mptr += IPT_ALIGN(sizeof(struct ipt_entry_target));
 
 	return mptr;
 }
Index: libiptc/libip6tc.c
===================================================================
--- libiptc/libip6tc.c	(revision 3742)
+++ libiptc/libip6tc.c	(working copy)
@@ -242,6 +242,7 @@
 	mptr = matchmask + sizeof(STRUCT_ENTRY);
 	if (IP6T_MATCH_ITERATE(a, match_different, a->elems, b->elems, &mptr))
 		return NULL;
+	mptr += IP6T_ALIGN(sizeof(struct ip6t_entry_target));
 
 	return mptr;
 }

                 reply	other threads:[~2005-03-06 22:41 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=422B8720.2000208@eurodev.net \
    --to=pablo@eurodev.net \
    --cc=netfilter-devel@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.